<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title>csrf</title>
</head>
<body>
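	<!-- Demo form for the XSRF-protected endpoint /foo/csrf.
	     The template already relies on Tornado helpers (static_url, the "_xsrf" cookie),
	     so the form uses Tornado's xsrf_form_html() module: it renders a hidden "_xsrf"
	     input, which the server compares with the "_xsrf" cookie on POST.
	     Generating the token is also what makes Tornado issue that cookie, which the
	     Ajax path (submitCsrf) reads. Without it a POST from this form is rejected
	     whenever the application's xsrf_cookies setting is enabled. -->
	<form action="/foo/csrf" method="post">
		{% module xsrf_form_html() %}
		<!-- aria-label gives each field an accessible name; a placeholder alone is not a label. -->
		<p><input name="con1" type="text" placeholder="con1" aria-label="con1"></p>
		<p><input name="con2" type="text" placeholder="con2" aria-label="con2"></p>
		<p><input name="con3" type="text" placeholder="con3" aria-label="con3"></p>
	</form>
	<!-- Triggers the Ajax variant of the same POST; see submitCsrf() in the script below. -->
	<input type="button" value="Ajax CSRF" onclick="submitCsrf();">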

	<!-- Loads the vendored jQuery used by submitCsrf() below.
	     NOTE(review): 1.11.3 is a long-superseded jQuery release and later versions
	     include security fixes; plan to upgrade the vendored copy and retest this page. -->
	<script src="{{ static_url('js/jquery-1.11.3/jquery.min.js') }}" type="text/javascript"></script>
	<script type="text/javascript">
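		/**
		 * Return the raw (undecoded) value of the cookie called `name`,
		 * or undefined when no such cookie is visible to this page.
		 *
		 * The name is compared exactly against each "name=value" pair instead of
		 * being spliced into a regular expression. The regex form had two problems:
		 *  - a cookie whose name merely ends in `name` after a non-word character
		 *    (e.g. "x-_xsrf") could be returned in place of the real one;
		 *  - the trailing \b dropped non-word characters at the end of the value
		 *    (e.g. "=" padding), handing back a truncated token.
		 */
		function getCookie(name) {
			var pairs = document.cookie ? document.cookie.split(';') : [];
			for (var i = 0; i < pairs.length; i++) {
				// Pairs are separated by "; ", so strip the leading blank.
				var pair = pairs[i].replace(/^\s+/, '');
				var eq = pair.indexOf('=');
				if (eq !== -1 && pair.slice(0, eq) === name) {
					// Everything after the first "=" is the value; it may itself contain "=".
					return pair.slice(eq + 1);
				}
			}
			return undefined;
		}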
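		/**
		 * Send the demo POST to /foo/csrf via Ajax, including the XSRF token.
		 *
		 * The token is read from the "_xsrf" cookie and sent back as the "_xsrf"
		 * form field, so the server can compare the two. A page on another origin
		 * cannot read this cookie, so it cannot supply a matching field.
		 */
		function submitCsrf() {
			var token = getCookie('_xsrf');
			if (!token) {
				// The request is still sent (as before), but make the cause visible:
				// with the server-side XSRF check enabled it will be rejected.
				console.warn('_xsrf cookie not found; the POST will carry an empty token');
			}
			$.ajax({
				type: 'POST',
				url: '/foo/csrf',
				data: {'k1': 'v1', '_xsrf': token},
				success: function (callback) {
					// Runs automatically once the Ajax request has succeeded.
					// `callback` is the data the server wrote, i.e. 'csrf.post'.
					console.log(callback);
				},
				error: function (xhr) {
					// Surface a rejected request (e.g. a failed XSRF check) instead of failing silently.
					console.error('POST /foo/csrf failed with status ' + xhr.status);
				}
			});
			// Or: the $.post shorthand, kept disabled below.
			// NOTE(review): this variant does not include '_xsrf' in its data, so it
			// would be rejected when the XSRF check is enabled; add the token before enabling it.
{#			$.post('/foo/csrf',{'username':'sssssss','password':'bbbbbbb'},function (callback) {#}
{#				console.log(callback);#}
{#            })#}

		}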
	</script>
</body>
</html>